Alchemix Transmuter
Alchemix
DeFiFoundrySolidity
16,653 OP
View results
Previous Next
Submission Details
Severity: low
Invalid

Low Severity Findings for StrategyMainnet.sol Contract

sonamakash54

Summary:
This report highlights the low-severity findings in the StrategyMainnet.sol contract. While these issues may not pose immediate risks, addressing them will improve the contract’s overall security, transparency, and operational efficiency. The findings primarily include missing event emissions for important operations and missing validation checks, which can lead to inefficiencies and challenges in off-chain monitoring. Each issue is accompanied by a recommended fix to improve the contract's robustness and maintain best practices.

Findings

[Low-01] Missing Event Emission in addRoute Function

  • Description: The addRoute function lacks event emissions for route additions, impacting traceability.

  • Affected Code: #L56-L66

    function addRoute( address[11] calldata route, uint256[5][5] calldata swapParams, address[5] calldata pools ) external onlyOwner {
    _routes.push(route); _swapParams.push(swapParams); _pools.push(pools);
    }

  • Recommendation: Add an event to log route additions.

    event RouteAdded(address[11] route, uint256[5][5] swapParams, address[5] pools);
    emit RouteAdded(route, swapParams, pools);

[Low-02] Missing Zero Check in _deployFunds Function

  • Description: The _deployFunds function does not check if _amount is greater than zero, leading to unnecessary gas usage.

  • Affected Code:#L81-L83

    function _deployFunds(uint256 _amount) internal {
    transmuter.deposit(address(asset), _amount);
    }

  • Recommendation: Add a require statement to validate _amount.

    require(_amount > 0, "Amount must be greater than zero");

[Low-03] Missing Event Emission in _deployFunds Function

  • Description: The _deployFunds function interacts with the transmuter but lacks an event emission after fund deployment, making it difficult to track off-chain.

  • Affected Code:#L81-L83

    function _deployFunds(uint256 _amount) internal {
    transmuter.deposit(address(asset), _amount);
    }

  • Recommendation: Emit an event like FundsDeployed(uint256 amount).

    event FundsDeployed(uint256 amount);
    emit FundsDeployed(_amount);

[Low-04] Missing Event Emission in claimAndSwap Function

  • Description: The claimAndSwap function lacks event emissions for claim and swap operations, impacting transparency and traceability.

  • Affected Code:#L93-L114

    function claimAndSwap(uint256 _amountClaim, uint256 _minOut) external onlyOwner {
    asset.transferFrom(msg.sender, address(this), _amountClaim); // Perform swap logic... }

  • Recommendation: Add an event like ClaimedAndSwapped(uint256 amountClaim, uint256 minOut).

    event ClaimedAndSwapped(uint256 amountClaim, uint256 minOut);
    emit ClaimedAndSwapped(_amountClaim, _minOut);

[Low-05] Missing Event Emission in _freeFunds Function

  • Description: The _freeFunds function lacks an event when freeing funds, making it harder to track off-chain.

  • Affected Code:#L137-L144

    function _freeFunds(uint256 _amount) internal {
    transmuter.withdraw(address(asset), _amount);
    }

  • Recommendation: Emit an event like FundsFreed(uint256 amount).

    event FundsFreed(uint256 amount);
    emit FundsFreed(_amount);

[Low-06] Missing require Check for _amount in _freeFunds Function

  • Description: The _freeFunds function does not validate that _amount is greater than zero, leading to unnecessary gas usage.

  • Affected Code:#L137-L144

    function _freeFunds(uint256 _amount) internal {
    transmuter.withdraw(address(asset), _amount);
    }

  • Recommendation: Add a require statement to validate _amount.

    require(_amount > 0, "Amount must be greater than zero");

[Low-07] Missing Event Emission in _harvestAndReport Function

  • Description: The _harvestAndReport function lacks event emissions for harvesting actions and reporting total assets, making it harder to track performance.

  • Affected Code:#L173-L193

    function _harvestAndReport() internal returns (uint256) {
    uint256 totalAssets = asset.balanceOf(address(this)); // Harvest logic... return totalAssets;
    }

  • Recommendation: Emit an event like HarvestedAndReported(uint256 totalAssets).

    event HarvestedAndReported(uint256 totalAssets);
    emit HarvestedAndReported(totalAssets);

[Low-08] Missing Event Emission in availableWithdrawLimit Function

  • Description: The availableWithdrawLimit function calculates the available withdrawal limit but does not emit an event, impacting transparency.

  • Affected Code:#L-L

    function availableWithdrawLimit() public view returns (uint256) {
    return asset.balanceOf(address(this));
    }

  • Recommendation: Emit an event like WithdrawLimitUpdated(address owner, uint256 availableLimit).

    event WithdrawLimitUpdated(address owner, uint256 availableLimit);
    emit WithdrawLimitUpdated(msg.sender, availableLimit);
Updates

Appeal created

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.